It's actually pretty on-par for most bug bounties. They used the same exploit on a few programs and got $11k total which ain't bad return on time.
It's actually pretty on-par for most bug bounties. They used the same exploit on a few programs and got $11k total which ain't bad return on time.
No I know it's on par I guess better rephrasing would be the par is still too low
Compared to what? What's your baseline for how much a user-interaction-required XSS vulnerability should be worth?
I'm not basing it on math.
Are you saying tho that 2.5k wouldhave been adequate in 2019? I expect 5k would have been on par then too. But idk